The information of more than 600,000 Email.it users has been put on sale on the dark web after the Italian email provider refused to pay “a little bounty” to hackers threatening to release the stolen data.
Email.it has confirmed it suffered a hacker attack, ZDNet reports. The incident came to light this weekend when a hacker group named NN (No Name) Hacking Group shared a series of snapshots on the dump on Twitter claiming that the hack dated back to January 2018.
“We breached Email.it Datacenter more than 2 years ago and we plant ourself like an APT. We took any possible sensitive data from their server and after we choosen to give them a chance to patch their holes asking for a little bounty. They refused to talk with us and continued to trick their users/customers. They didn't contacted their users/customers after breaches!” the statement on the hackers’ website says.
The offered for sale data includes 44 databases containing plaintext passwords, security questions, email content, and email attachments for more than 600,000 users who signed up and used the service between 2007 to 2020. The databases contain data on users who signed up for a free Email.it email account, so-called professional accounts were not impacted.
According to an Email.it spokesperson, the hackers attempted to blackmail the Italian provider threatening to release the stolen data, but the company refused to pay and reported the incident to the Italian Postal Police. The group then decided to sell stolen data for a price that varies between 0.5 and 3 bitcoin ($3,700 and $22,300).
The hackers also claim to have stolen the source code of all Email.it’s web apps, including admin and customer-facing applications.
Email.it said it has secured its server and notified the local authorities, including the country’s privacy watchdog about the incident.